Latest revision as of 17:48, 24 January 2011

Objective

This tech note outlines the main differences in configuration fundamentals between the Cisco NX-OS software and the Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software to illustrate some of the differences after the first system startup. Please refer to the NX-OS documentation on Cisco.com for a complete list of supported features.

Cisco NX-OS Overview

The Cisco NX-OS is a data center class operating system designed for maximum scalability and application availability. The CLI for the NX-OS is very similar to Cisco IOS, so if you understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key differences should be understood prior to working with the Cisco NX-OS.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

When you first log into the NX-OS, you go directly into EXEC mode.

Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS 5.0(2a) introduced privilege levels and two-stage authentication using an enable secret that can be enabled with the global feature privilege configuration command.

By default, the admin user has network-admin rights that allow full read/write access. Additional users can be created with very granular rights to permit or deny specific CLI commands.

The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults, perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP) security policy.

The Cisco NX-OS uses a feature-based license model. An Enterprise Services, Advanced Services, Transport Services, Scalable Feature, or Enhanced Layer 2 license is required, depending on which features are needed. Additional licenses may be required in the future.

A 120-day license grace period is supported for testing, but features are automatically removed from the running configuration after the expiration date is reached. Some features, such as Cisco TrustSec, that require an Advanced Services license cannot be configured with a grace period.

The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP, etc… using the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.

Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations.

The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical device to be partitioned into logical devices. When you log into the console port, you are in the default VDC (VDC 1).

The Cisco NX-OS has two preconfigured VRF instances by default (management, default). The management VRF is applied to the supervisor module out-of-band Ethernet port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet ports. The mgmt0 port is the only port permitted in the management VRF instance and cannot be assigned to another VRF instance.

SSHv2 server/client functionality is enabled by default. TELNET server functionality is disabled by default. (The TELNET client is enabled by default and cannot be disabled.)

VTY and Auxiliary port configurations do not show up in the default configuration unless a parameter is modified. (The Console port is included in the default configuration.) The VTY port supports 32 simultaneous sessions, and the timeout is disabled by default for all three port types.

The Console and VTY ports always prompt the user for a username/password pair for authentication before granting access to the CLI. Cisco IOS, by comparison, applies the login command to the Console and VTY ports by default to enable password authentication. (If the no login command is applied, a user can gain access without a password.)

A user can execute show commands in configuration mode without using the do command as in Cisco IOS Software.

When executing a show command, a user has several more options when using the pipe (|) option such as grep for parsing the output, perl for activating a script, and xml to format the output for network management applications.
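As an added illustration (not part of the original tech note), the following Python sketch audits a saved running-config for the access defaults listed above: a Telnet server that has been turned on, console/VTY lines with no session timeout, and extra accounts holding network-admin. Because VTY settings do not appear until modified, a missing block or keyword is treated as the default (timeout disabled). The `feature telnet`, `exec-timeout <minutes>` and `username ... role ...` line formats are assumptions about how the running-config prints these settings, and the sample config is constructed.

```python
import re

# Constructed sample of an NX-OS running-config (not from a real device).
SAMPLE_CONFIG = """\
feature telnet
feature ospf
username admin password 5 $1$constructed$hash role network-admin
username ops password 5 $1$constructed$hash role network-operator
username backup password 5 $1$constructed$hash role network-admin
line console
  exec-timeout 15
"""

LINE_TYPES = ("console", "vty")  # the Auxiliary port is not covered here


def parse_line_blocks(config):
    """Return {line_type: {keyword: value}} for 'line console' / 'line vty'."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():           # top-level command
            m = re.match(r"line (\S+)$", raw.strip())
            current = blocks.setdefault(m.group(1), {}) if m else None
        elif current is not None and raw.strip():  # indented sub-command
            key, _, value = raw.strip().partition(" ")
            current[key] = value
    return blocks


def audit(config):
    """Return a list of items to review, in a fixed order."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l[0].isspace()]
    if "feature telnet" in top:
        findings.append("telnet server enabled")
    blocks = parse_line_blocks(config)
    for lt in LINE_TYPES:
        # Absent block or absent keyword means the default applies: no timeout.
        timeout = blocks.get(lt, {}).get("exec-timeout", "0")
        if not timeout.isdigit() or int(timeout) == 0:
            findings.append(f"line {lt}: exec-timeout disabled")
    for l in top:
        m = re.match(r"username (\S+) .*\brole network-admin\b", l)
        if m and m.group(1) != "admin":
            findings.append(f"user {m.group(1)}: network-admin role")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
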

Things You Should Know

The following list provides some additional Cisco NX-OS information that should be helpful when configuring and maintaining the Cisco NX-OS.

The default administrator user is predefined as admin. An admin user password has to be specified when the system is powered up for the first time, or if the running configuration is erased with the write erase command and the system is repowered.

The license grace period can be disabled without any impact if the proper license is installed for a feature within the 120-day grace period.

If you remove a feature with the global no feature configuration command, all relevant commands related to that feature are removed from the running configuration. Some features, such as LACP and vPC, will not allow you to disable the feature if they are configured.

The NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables. The boot variables determine what version of NX-OS is loaded when the system is powered on. (The kickstart and system boot variables have to be configured for the same NX-OS version.)

The show running-config command accepts several options, such as OSPF, BGP, etc… that will display the runtime configuration for a specific feature.

The show tech command accepts several options that will display information for a specific feature.

The NX-OS has a configuration checkpoint/rollback feature that should be used when making changes to a production network. A checkpoint configuration can be saved in EXEC mode with the global checkpoint command and the rollback procedure can be executed with the rollback command.

Configuration Comparison

The following sample code shows similarities and differences between the Cisco NX-OS software and the Cisco IOS Software CLI.